Usage of OpenClaw, an open-source AI agent widely known as ‘Longxia’, has surged, and its potential security weaknesses have drawn the attention of regulators. Agencies including the Ministry of Industry and Information Technology have warned that, when run with default or incorrect settings, ‘Longxia’ can expose users to cyberattacks and information breaches. The agent has persistent memory and can execute actions proactively, but because its trust boundaries are unclear and it lacks robust permission controls and auditing, it can be manipulated through instructions or maliciously hijacked into carrying out unauthorized actions. To reduce these risks, users are advised to run the latest official release, strictly limit its exposure to the internet, follow the principle of least privilege, exercise caution when using the skill marketplace, and put long-term protective measures in place.
